Share

The prevalence of and damage caused by ransomware-style cyberattacks is greater in the education sector than any other industry, according to a newly released research report by security ratings firm BitSight.

The findings notably challenge what has become sort of conventional wisdom across the cybersecurity sector; with the general consensus being that hospitals are at the greatest risk of such attacks. Healthcare records are understood to be amongst the most valuable files for sale on the dark web, as they typically contain personal, financial, medical and patient employment information.

“Although patient data makes healthcare organizations a prime target for ransomware attacks, other industries are [also] … on a cyber criminal’s radar,” the report reads, “Intellectual property, classified government documents, and private financial data are just some of the types of records that cyber criminals may pursue within other industries.”

In June, the University of Calgary publicly disclosed that it had paid a $20,000 ransom to a hacker after malware encrypted the university’s email servers. Two months later, cybersecurity firm SentinelOne found that Bournemouth University — an institution that boasts its own cybersecurity center — had been hit roughly 21 times with ransomware-style attacks over a one year period reaching back to 2015.

“While several ransomware attacks on healthcare companies have made headlines this year, the issue is more widespread. Our analysis shows that the education sector is actually the most impacted group, followed by government,” Stephen Boyer, co-founder and CTO of BitSight, said in a statement.

Data analyzed and collected by BitSight from more than 18,000 participating companies was used to identify common forms and infection patterns of ransomware affecting six broad industries, including finance, healthcare, education, energy, retail and government.

Of the six industries examined, government had the second-lowest security rating, yet the second highest rate of ransomware attacks.

In March, a small, local police station in Melrose, Mass. — which would be categorized as “government” in the aforementioned research study — experienced a ransomware attack on its incident response-logging software, which allows officers to process records remotely, according to the International Business Times. Melrose Police ultimately paid a ransom to regain access to those systems.

“On the Federal level, a successful ransomware infection could be very detrimental,” said Jacob Olcott, a vice president at BitSight.

“What happens when a successful ransomware infection does occur? What is the government’s policy on reporting ransomware infections, and paying ransoms? Since many experts expect ransomware to become more targeted and sophisticated, these questions are paramount,” said Olcott, a former legal adviser to the Senate Commerce Committee and Chairman John D. Rockefeller’s lead negotiator on cybersecurity legislation.